Home Publications CV Talks FAQ Bio
Research Overview
 
Our research group is CHIMPS (Computer Human Interaction: Mobility Privacy Security). We do research in smartphone privacy, usable security, and AI bias and fairness, drawing on ideas and methods from human-computer interaction, machine learning, systems, and social psychology.

We have had a lot of positive impact on science and on practice. Our work on anti-phishing was adopted by industry groups, inspired the design of anti-phishing browser warnings. Our team's work on PrivacyGrade.org has influenced industry and policy makers with respect to smartphone privacy. We also developed new kinds of smartphone user interfaces for privacy as part of the DARPA Brandeis Privacy Enhancements for Android.

Our work has also been featured in CNN, New York Times, BBC, CBS News, MIT Tech Review, World Economic Forum, and more. Our team has been generously funded by DARPA, National Science Foundation, Army Research Office, Amazon, IBM, Google, Intel, Microsoft, Nokia, NQ Mobile, Pitney Bowes, Portugal Telecom, Samsung, Yahoo, CMU Cylab, the Alfred P. Sloan Foundation, and more.

I help run the Pervasive Computing subreddit. I sometimes write for BLOG@CACM. I was also a co-founder of Wombat Security Technologies, which developed cybersecurity training software that helped train millions of people around the world. Wombat Security was acquired by Proofpoint in March 2018.

What's New?
Apr 27, 2021
New paper on arxiv summarizing our work on DARPA Brandeis project for smartphone privacy: The Design of the User Interfaces for Privacy Enhancements for Android

Apr 24, 2021
Use our SA-6 and SA-13 survey instrument to assess people's security attitudes. You can also take the SA-6 quiz online here.

Apr 22, 2021
Posted new paper to arxiv, What Makes People Install a COVID-19 Contact-Tracing App? Understanding the Influence of App Design and Individual Difference on Contact-Tracing App Adoption Intention

Feb 10, 2021
We just received $1M in new funding from NSF and Amazon to investigate Fairness in AI!

Oct 21, 2020
I did a keynote talk for CHIuXiD entitled Privacy for Mobile Sensing Systems.

Jun 29, 2020
I've joined the Board of Trustees of the GSSM Foundation (my old high school)

Jun 17, 2020
Thanks to Amazon for funding our research on fairness and understandability in AI!

May 1, 2020
Our web site showcasing our work on the user interfaces for DARPA Brandeis smartphone privacy is now up

Feb 14, 2020
I'm now a member of CHI Academy!

Mar 13, 2019
I wrote a blog entry on CACM entitled Why is Privacy So Hard?

Mar 5, 2019
My wife and I helped found two junior faculty chairs in the Human-Computer Interaction Institute at CMU.

Feb 26, 2019
I gave a talk at Lakehead University entitled Are My Devices Spying on Me? Living in a World of Ubiquitous Computing.

Nov 30, 2018
Our team has released the MobiPurpose data set. It contains over 2 million unique intercepted traffic requests from 15k+ smartphone apps, gathered from our array of smartphones.

Oct 2, 2018
I gave a keynote talk at VL/HCC 2018 entitled Helping Developers with Privacy.

Jul 1, 2018
I am now officially a full professor at Carnegie Mellon University. Sadly, there does not seem to be a secret handshake.

Mar 1, 2018
Wombat Security, which I co-founded in 2008, was acquired by Proofpoint for $225m!

Sep 1, 2017
I wrote a roadmap for privacy research entitled The Privacy Landscape for Pervasive and Ubiquitous Computing.

Sep 1, 2017
PrivacyStreams (PDF | GitHub) makes it easier for Android devs to get the data they want, while also improving privacy. The programming model uses a functional stream processing approach (a bit like Unix pipes), which also makes it easy to analyze the code and output statements like "this app uses microphone for loudness".

May 29, 2017
I was recently honored with Alumni of the Year from my old high school, South Carolina Governor's School for Science and Math. Here is a link to my speech at the commencement.

May 16, 2017
The HCII and the Tepper School of Business are offering a new Master's Degree of Product Management. I'm helping to run the HCII side.

Jun 7, 2016
White paper with New America entitled Toward a Safe and Secure Internet of Things.

Feb 20, 2016
Keynote talk at ICISSP 2016 entitled Privacy, Ethics, and Big (Smartphone) Data.

Sep 9, 2015
Presented some of our team's work on using smartphones for healthcare at the World Economic Forum at Dalian.

Aug 13, 2015
Our CCS 2014 paper Increasing Security Sensitivity with Social Proof: A Large-Scale Experimental Confirmation won Honorable Mention at NSA's Best Scientific Cybersecurity Paper Competition.

Jun 17, 2015
I'm honored to now be a New America National Cybersecurity Fellow.

Dec 26, 2014
PrivacyGrade.org presents our privacy analysis of 1 million Android apps. Our work has appeared on CNN, US News and World Report, New York Times, CNBC, IEEE Spectrum, Forbes, and more.

Sep 17, 2014
My brother and I have created the Frances and Chou-Chu Hong graduate fellowship at the Veterinary and Animal Sciences Department at the University of Massachusetts.

Oct 25, 2013
Gave a talk at PopTech 2013 on sensing and privacy. See slides and video here.

Apr 9, 2012
Livehoods.org re-imagines how cities work in the age of social media. Livehoods has been featured in The Atlantic Cities, Wired Insider, MIT Technology Review, Fast Company Co.Design, New York Post, Wall Street Journal, and Haaretz.

Current Research


Some Older Research
Personal Behavioral Data
How can we make better use of all of the wealth of personal behavioral data (smartphones, web usage, social networking) to develop a better computational model of people, places, activities, and things?

UniAuth: Streamlining Authentication for Ubiquitous Computing
What kinds of protocols, APIs, and user interfaces are needed for our smartphones to manage all of our authentication needs, both for the web and Internet of Things? See our set of papers on authentication for ubicomp here.

Urban Analytics
How can we use location data from smartphones and social media to understand cities? See our papers on urban analytics here.

User-Controllable Security & Privacy for Pervasive Computing
How can we combine machine learning, dialog, and better user interfaces to empower people to manage their privacy? See our papers on ubicomp privacy here.

Anti-Phishing
Why do people fall for phishing scams? Can we train people not to fall for scams? Can we also develop techniques to detect phishing emails? See our large set of papers on anti-phishing here.

Rapid Prototyping and UX Design Tools
How can we help people design interactive systems faster and better? My past work in this area include sketching interfaces, design patterns, and tools for rapid prototyping. See our set of papers on design tools here.

The CHIMPS Research Team
 
Our research group is CHIMPS (Computer Human Interaction: Mobility Privacy Security). We have an amazingly talented group of PhD students and post-docs: Some alums of the CHIMPS group:
  • Karen Tang
  • Janne Lindqvist, now an Assoc Prof at Aalto (previously Rutgers)
  • Polo Chau (with Christos Faloutsos and Niki Kittur), now an assoc prof at Georgia Tech
  • Guang Xiang (with Carolyn Rose), now doing an AI startup in China
  • Jialiu Lin (with Norman Sadeh), now a privacy engineer at Google
  • Shah Amini, now at Facebook (previously Appthority and Google)
  • Jun Ki Min, now at Motorola
  • Mike Villena, now at Appthority
  • Afsaneh Doryab, now an Asst Prof at UVa (previously CMU)
  • Song Luan, now at YouTube (previously Uber)
  • Jason Wiese (with John Zimmerman), now an Asst Prof at University of Utah
  • Eiji Hayashi, now at Google ATAP
  • Sauvik Das, now an Asst Prof at Georgia Tech
  • Dan Tasse, now a data scientist at StitchFix
  • Siyan Zhao
Some of My Writings and Other Stuff I Helped Create
Running Program Committees My Cybersecurity Advice (for general audiences) Research Tools, Software, Data Sets, and Web Sites Instructor Guides and Reading Seminars Advice for PhD students and Grad School Applicants Odds and Ends The Design of Sites
I co-authored a book on web site design, which uses the notion of web design patterns as a way for facilitating the design of customer-centered web sites. Check out the web site for our book The Design of Sites. Our book has been translated into Polish, Chinese, Korean (and possibly other languages as well).
Service
Current Service Some Past Service